This is a short doc for all ways of doing ssh-oidc

Quick test via web browser

1. Point your browser to https://ssh-oidc-web.data.kit.edu

Quick setup to test ssh/oidc (client side)

0. Add the suitable repository for your linux distribution from https://repo.data.kit.edu

1. Install and configure oidc-agent

   • Installation:
     • yum install oidc-agent
     • apt-get install oidc-agent
   • Configuration:
     • EGI Check-in: oidc-gen --pub --iss https://aai.egi.eu/oidc --scope "openid profile email offline_access eduperson_entitlement eduperson_scoped_affiliation eduperson_unique_id" egi
     • WLCG: oidc-gen --pub --issuer https://wlcg.cloud.cnaf.infn.it/ --scope "openid profile offline_access eduperson_entitlement eduperson_scoped_affiliation wlcg.groups wlcg" wlcg
     • Helmholtz-AAI: oidc-gen --pub --iss https://login.helmholtz.de/oauth2/ --scope "openid profile email offline_access eduperson_entitlement eduperson_scoped_affiliation eduperson_unique_id" helmholtz
     • Google: oidc-gen --pub --iss https://accounts.google.com/ --flow device --scope max google
   • Alternative: Get an Access Token in any other way

2. Install oinit client:

   • yum install oinit
   • apt install oinit

3. ssh to the ssh-oidc-web machine:

   • ssh ssh-oidc-web.data.kit.edu

In case of questions and / or free beer, contact us at ssh-oidc@lists.kit.edu

Frequently Asked Questions

Are collected in our faq

Privacy Statement